The KEMP LoadMaster fully supports Oracle E-Business Suite and has been certified by Oracle. The LoadMaster efficiently distributes user traffic for the Oracle workload so users get the best performance experience possible. Also, High Availability (HA) and high capacity scale-out deployments of the Oracle solutions are complemented from the network technology side.

2 Load Balancing Oracle E-Business Suite

Deploying an Oracle environment requires multiple servers to provide High Availability (HA). Load balancing is necessary to distribute the traffic amongst these servers.

KEMP Technologies recommends the configuration shown in the above Oracle Network Topology diagram. In this scenario, the Oracle E-Business Suite version 12 leverages the Oracle Database version 11. If your configuration differs from the recommended one and there are issues deploying the LoadMaster, please contact your local KEMP Support Team for assistance.

3 Template

KEMP has developed a template containing our recommended settings for this workload. You can install this template to help when creating Virtual Services, as it automatically populates the settings. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

4.1 Ports

In some cases, the ports used for accessing Oracle E-Business Suite are non-standard to provide better security. In general, all ports used by the Oracle backend systems can be freely configured by the Oracle application administrator. The standard HTTP 80 and HTTPS 443 ports for Internet-facing traffic are supported and may be used during the configuration. However, the purpose of an ADC is to provide standard ports 80/443 for Internet-facing traffic and route that traffic to non-standard ports used on the Oracle backend systems as a passive security measure.

4.2 Persistence

Persistence will provide client connections to the same Oracle server node of a scale out cluster deployment for each subsequent request to the Virtual Service.

Clients from behind a Network Address Translation (NAT) device show up as a single IP address

It can result in uneven connection distribution

Cookie Persistence

If cookies are used, there is no negative impact. The name of the cookie does not have any specific requirements.

4.3 SSL Acceleration

With SSL Acceleration enabled on a KEMP LoadMaster, there are two options which can be leveraged. Which option to choose is primarily determined by the corporate security policies within an organization.

SSL Offloading

This option allows the LoadMaster to accept connections from the clients encrypted over HTTPS and then sends the traffic to the Oracle backend application un-encrypted over HTTP. In some environments this is not permitted due to the possible security risks.

SSL Reencrypt

This option allows the LoadMaster to accept connections from the clients encrypted over HTTPS and then re-encrypts the traffic over HTTPS before sending to the Oracle EBS backend application. This configuration typically provides the security requirements for most organizations.

4.4 Certificates

Certificates play a large part in the configuration of the Oracle EBS applications. Several certificate types are used as in this configuration and must be imported into the LoadMaster.

4.4.1 Server Certificates

To encrypt traffic between the client and the LoadMaster, the necessary certificates must be installed. If the configuration is to be encrypted traffic from end to end, the same certificates on the back end systems may be used. These certificates can either be in .PEM or .PFX formats and are imported under Certificates & Security > SSL Certificates in the main menu of the LoadMaster WUI.

4.4.2 Intermediate Certificates

Intermediate certificates are imported to allow the LoadMaster to trust the Certificate Authorities used in obtaining the Server and Client Certificates. These certificates are in Base64 format and are imported under Certificates & Security > Intermediate Certs in the main menu of the LoadMaster WUI.

5 Configure the Virtual Service for Oracle E-Business Suite with SSL Acceleration

In most cases the deployment of Oracle E-Business Suite requires client to server encryption. To configure a Virtual Service with SSL Acceleration for Oracle E-Business Suite, use the following steps:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 in the Port text box.

The port may differ depending on the Oracle environment.

4. Enter a recognisable Service Name, for example Oracle HTTPS.

5. Ensure tcp is selected as the Protocol.

6. Click Add This Virtual Service.

7. Under Basic Properties, confirm that the Service Type is HTTP/ HTTPS.

8. Expand the Standard Options section and select the following options:

a) Deselect the Transparency check box.

b) Select Active Cookie as the Persistence Mode.

c) Select 12Hours as the Persistence Timeout.

d) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

The Persistence and Scheduling may differ depending on requirements

9. Expand the SSL Properties section and perform the following steps:

a) Select the Enabled check box.

b) Depending on the desired level of security, select Enable or Disable for Reencrypt.

c) To assign the EBS certificate previously imported, select it and click the > button.

The Forwarding method and the Weight values are set, by default, to those shown in the diagram in the Real Servers section. If required these settings may be altered.

d) Click Add this Real Server.

e) If required, add more Real Servers by repeating steps b) to d).

6 Configure the Virtual Service for Oracle EBS without SSL Acceleration

In some deployments of Oracle E-Business Suite there may be no requirement for encryption. To configure a Virtual Service without SSL Acceleration for Oracle E-Business Suite, perform the following steps:

1. In the LoadMaster WUI main menu, go to Virtual Services > Add New.

2. Enter a Virtual Address.

3. Enter 80 in the Port text box.

The port may differ depending on Oracle environment.

4. Enter a recognisable Service Name, for example Oracle EBS.

5. Ensure the Protocol is set to tcp.

6. Click Add This Virtual Service.

7. Under Basic Properties confirm that the Service Type is HTTP/ HTTPS.

8. Expand the Standard Options section and select the following options:

a) Remove the tick from the Transparency check box.

b) Select Active Cookie as the Persistence Mode.

c) Select 12 Hours as the Persistence Timeout.

d) Enter 1800 in the Idle Connection Timeout field and click Set Idle Timeout.

The HTTPS Protocol may be used if re-encryption is used to the Real Servers.

10. To add Real Servers:

a) Click the Add New button.

b) Enter the Real Server Address.

c) Enter the correct Port.

Please use the IP Address and Port of the backend server.

The Forwarding method and the Weight values are set, by default, to those shown in the diagram in the Real Servers section. If required these settings may be altered.

d) Click Add this Real Server.

e) If required, add more Real Servers by repeating steps b) to d).

7 Additional Features

Additional KEMP LoadMaster security and optimization features can be enabled for the deployment of Oracle E-Business Suite. The deployment and configuration settings of these features can be found in the documents listed in the References section of this document. These documents can be found on the KEMP documentation web page: http://kemptechnologies.com/documentation/

Content Caching - The LoadMaster can cache static content which fits certain criteria (file extension, query string, caching headers, size, and so on.). As long as the file meets these criteria it can be stored locally in the LoadMaster to avoid unnecessary requests to the Real Server to retrieve the file.